3

I cannot run an executable with the PHP exec() function.

OS: Fedora 15

PHP safe_mode off

PHP code is:

$exe = "/tmp/defne/./CwCssUGxhjAc";
$result = system( $exe, $retval );

chmod 777 on /tmp/defne and /tmp/defne/CwCssUGxhjAc

I can run it on the command line by:

sudo -u apache /tmp/defne/CwCssUGxhjAc

PHP gives apache when I call whoami through a PHP script.

I can run other executables such as gcc, whoami, etc. through PHP. But I cannot run a C/C++ compiled binary.

In the Apache error log it says:

sh: /tmp/defne/./CwCssUGxhjAc permission denied

SELinux is enabled.

PS: I do not want to disable SELinux. Thanks for your ingenious ideas if you would suggest disabling SELinux. I can equally well disable the power plug of my computer.

  • Maybe the loader cannot find some library. PHP may not set all the environment variables needed. Run `export` in both PHP and shell and compare the results. – billc.cn Nov 06 '11 at 18:51
  • Probably not the library. The library environment is usually constant to all programs and the message would be different. If it's SELinux bugging you, check out the system logs. There should be a warning if it was SELinux. – Antti Rytsölä Nov 07 '11 at 20:25
  • Is this binary/script being built dynamically by the PHP application for execution? That influences the solution you can employ. – Matthew Ife Nov 10 '11 at 00:20

1 Answer

1

SELinux is almost certainly preventing Apache from executing things in /tmp. You can verify this by checking /var/log/audit/audit.log.

The easy solution is to move the binary to a standard location for executables; /usr/local/bin is probably most appropriate.

Alternatively, you could apply the appropriate file context (bin_t) to the binary:

sudo semanage fcontext -a -t bin_t /tmp/defne/CwCssUGxhjAc
sudo restorecon -v /tmp/defne/CwCssUGxhjAc
Patches
  • 121
  • 2
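The audit.log check suggested in the answer above, as an added example that is not part of the original post: a small filter that pulls out AVC denials where a process in the httpd_t domain was refused an execute permission. The sample records are constructed for illustration (including the user_tmp_t label, which is an assumption about how the file in /tmp is labelled), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample audit records (assumed values, not taken from the post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1320605460.123:456): avc:  denied  { execute } for  pid=2345 comm="sh" name="CwCssUGxhjAc" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1320605460.123:456): arch=c000003e syscall=59 success=no exit=-13 comm="sh" exe="/bin/bash"
type=AVC msg=audit(1320605461.001:457): avc:  denied  { read } for  pid=999 comm="ntpd" name="drift" dev=dm-0 ino=77 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1320605470.500:460): avc:  denied  { execute_no_trans } for  pid=2350 comm="sh" path="/tmp/defne/CwCssUGxhjAc" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
EOF
}

# Print "object permission target_type" for every AVC denial where the
# source domain is httpd_t and the denied permission is an execute variant.
httpd_exec_denials() {
    awk '
    $1 == "type=AVC" && /denied/ {
        perm = ""; obj = ""; sdom = ""; ttype = ""
        # Denied permissions sit between "{ " and " }".
        if (match($0, /[{][^}]*[}]/))
            perm = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(name|path)=/) {
                obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj)
            }
            # Contexts are user:role:type:level; the type is field 3.
            if ($i ~ /^scontext=/) { split($i, s, ":"); sdom = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
        }
        if (sdom == "httpd_t" && perm ~ /execute/)
            print obj, perm, ttype
    }'
}

# Demo on the constructed records; on a real host, run as root:
#   httpd_exec_denials < /var/log/audit/audit.log
sample_audit_log | httpd_exec_denials
```

A target type such as user_tmp_t in the last column, rather than bin_t, is what the relabel or the move to /usr/local/bin changes.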